The Cisco Linksys WET11 is vulnerable to having the password reset simply by going to a known URL on the administrative interface recently after the systems administrator has logged in. It is not necessary to know the current password.
41a5685548d9372b766fdd212e2e121b1473c1fcba0c32e03733c9355f3cea6d
This Metasploit module exploits a directory traversal vulnerability which is present in different Linksys home routers, like the E1500.
1b266011b49f772cc08ef8b3e5dea3809e10c85a4414090de77d328704d8e8ad
Some Linksys Routers are vulnerable to OS Command injection. You will need credentials to the web interface to access the vulnerable part of the application. Default credentials are always a good starting point. admin/admin or admin and blank password could be a first try. Note: This is a blind OS command injection vulnerability. This means that you will not see any output of your command. Try a ping command to your local system and observe the packets with tcpdump (or equivalent) for a first test. Hint: To get a remote shell you could upload a netcat binary and exec it. WARNING: this module will overwrite network and DHCP configuration.
c0a0294f6b84501bb7ca89228ea567596e04b04818d4997fb6266f71b440692b
Some Linksys Routers are vulnerable to an authenticated OS command injection. Default credentials for the web interface are admin/admin or admin/password. Since it is a blind os command injection vulnerability, there is no output for the executed command. A ping command against a controlled system for can be used for testing purposes.
7f7d1bbbfb525f37582b2bf919f733423d2bcd0aca7120a2b10a56d88e9c9eb0
This Metasploit module exploits a stack-based buffer overflow vulnerability in the WRT120N Linksys router to reset the password of the management interface temporarily to an empty value. This Metasploit module has been tested successfully on a WRT120N device with firmware version 1.0.07.
8c48cc9aba6358bbaaaa868166dc5b29ae82fbde8cfb579604b70ce724082f81
Linksys AX3200 version 1.1.00 suffers from a remote command injection vulnerability.
70551db6a71971ee82e0b02a5060b2c4eb6554d8452a0b3e5bf15708b8f17148
Linksys EA7500 version 2.0.8.194281 suffers from a cross site scripting vulnerability due to an old jQuery version.
ed64587e6af38672498f31d0fd4d09d6a672715c905304f9cc64acecea858861
Linksys RE6500 version 1.0.11.001 unauthenticated remote code execution exploit.
9efc9ac468518ee2905498668bcc7c0449034c86f3cda495c0476099603232f6
Linksys.com suffers from a cross site scripting vulnerability.
277fce00d69a11ebe93c5dbe29b716a34e3d3c0b6bc82d5e1e02f2178b4090cb
The Linksys WVBR0-25 Wireless Video Bridge, used by DirecTV to connect wireless Genie cable boxes to the Genie DVR, is vulnerable to OS command injection in versions prior to 1.0.41 of the web management portal via the User-Agent header. Authentication is not required to exploit this vulnerability.
60407736f7e1de1519b05fc55add0932a67fcd3d6570595d9a8476a3162c5651
Linksys E2500 and E1200 devices suffered from a command injection vulnerability.
4809215ff6bf7ac34139ad0ed64e0c279221a469257b12c842d63878327b9050
Parent controls on the Linksys E1200 suffered from having missing authorization controls.
d69510cd73278b8deb8109b50b2d422b2b1d8c1673b2ab98fec4e63eead695a9
The Linksys X2000 suffers from a remote, unauthenticated command execution vulnerability that scores root privileges.
780ce5cf269501946fe350376b8f4c285c696d279123637112d467d5e14f3e90
Some Linksys E-Series Routers are vulnerable to an unauthenticated OS command injection. This vulnerability was used from the so called "TheMoon" worm. There are many Linksys systems that might be vulnerable including E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000, E900. This Metasploit module was tested successfully against an E1500 v1.0.5.
8562df406cf3a664284fb32daf860dcc7c4a95b65db2f358b2abed16cc85d646
Proof of concept exploit used by the recent Linksys worm (known as "Moon"). Exploits blind command injection in tmUnblock.cgi.
ae7d5127e7b3b8fa46d888c48b1a569122f9a4eb074e9be265ffb8853f9989d3
Linksys products EA2700, EA3500, E4200, and EA4500 suffer from having an unauthenticated interface on port 8083 periodically.
c93dc6b97572e7b9d7273d159d461be3bb7465f6b1ea286140fabecda91500c0
Linksys E-Series unauthenticated remote command execution exploit that leverages the same vulnerability as used in the "Moon" worm.
78e82ca781d0bf202c1592072afde4056c2f49e9ef54f2deb4e6b7ae0a5203ab
The Linksys WRT110 consumer router is vulnerable to a command injection exploit in the ping field of the web interface.
44b428488518ed2abeee03160462e56c8203577c382cafa8ace86476e15928be
The Linksys WRT110 consumer router is vulnerable to a command injection exploit in the ping field of the web interface.
5fdabb65539c0e2248afcba9871e415908777fb0b2f288107530f6a551406d99
On various Linksys devices, an unspecified bug can cause an unsafe/undocumented TCP port to open allowing for unauthenticated remote access to the device.
498c65c860fe5d919123b02b7dda83e1dd02868d0b1adb1db402354c60007bd1
Linksys WRT110 suffers from root shell command injection and cross site request forgery vulnerabilities.
850308c35db1a6b6413065eb09749bb1a66bb16d4e5f80c535788b446adada12
Linksys versions EA2700, EA3500, E4200, EA4500 using lighttpd 1.4.28 and Utopia on Linux 2.6.22 suffer from an unauthenticated access vulnerability.
266da9dd8a7b398661ea49b23a60a0543c4ac5cb9c8e7faecc5ce203cbee23b6
Linksys X3000 with firmware version 1.0.03 build 001 suffers from cross site scripting and remote command injection vulnerabilities.
9c441bf0e5c4abc193de4dc4b9a32d21f52156309d5de56f97d5e1c801f09e64
Some Linksys Routers are vulnerable to an authenticated OS command injection on their web interface where default credentials are admin/admin or admin/password. Since it is a blind OS command injection vulnerability, there is no output for the executed command when using the cmd generic payload. This Metasploit module has been tested on a Linksys WRT160n version 2 - firmware version v2.0.03. A ping command against a controlled system could be used for testing purposes. The exploit uses the tftp client from the device to stage to native payloads from the command injection.
f9f09e58e33c3c7939cc2ed16b2c26b3cc52e2b7e29498141ef9d035fec7d9f7
Cisco Linksys E1200 and N300 routers version 2.0.04 suffer from a cross site scripting vulnerability.
c940fba04264c2e267af39f6a7ead1f281c2d9cc0420ff4ca58897013a5ee1c6
Some Linksys Routers are vulnerable to an authenticated OS command injection in the Web Interface. Default credentials are admin/admin or admin/password. Since it is a blind os command injection vulnerability, there is no output for the executed command when using the cmd generic payload. A ping command against a controlled system could be used for testing purposes. The user must be prudent when using this module since it modifies the router configuration while exploitation, even when it tries to restore previous values.
842e633a501f723e29c147350b0f672da78b474050f74be28f55d1501d673b3c